Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/62e6447f-41d0-4cde-bd02-7cf414edd298.roa
File:                     62e6447f-41d0-4cde-bd02-7cf414edd298.roa (raw, json)
Hash identifier:          9nxu/pBP4yzb4tOb4wyWue4tZvTrSCdjJbutDTaK3UI=
Subject key identifier:   37:A1:33:04:8E:FA:A2:3A:69:07:6A:8B:16:C5:7C:D1:C3:F8:72:7B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1B1563D4484B7961BC7AD1D2B4E575B8352B4A17
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/62e6447f-41d0-4cde-bd02-7cf414edd298.roa
Signing time:             Mon 18 Dec 2023 00:00:00 +0000
ROA not before:           Mon 18 Dec 2023 00:00:00 +0000
ROA not after:            Mon 22 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:15:63:d4:48:4b:79:61:bc:7a:d1:d2:b4:e5:75:b8:35:2b:4a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 18 00:00:00 2023 GMT
            Not After : Jan 22 23:59:59 2024 GMT
        Subject: serialNumber=b254c41d0877e00ddc3f3567f7ffe4bb69a1f7ead659392a5ed5a1fcee8af9e5, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c7:70:f8:7b:2c:5b:ba:45:51:b6:5e:3c:27:
                    fe:bb:57:ba:24:12:cf:ed:2f:d3:1b:84:ff:9f:1c:
                    98:91:c5:30:5d:24:88:52:7f:ae:a0:66:56:c4:ba:
                    3c:55:0f:8a:8b:e3:e5:9b:55:80:37:ab:3e:54:13:
                    bd:ee:a2:91:c8:a0:47:0f:82:09:71:63:f2:b9:82:
                    0d:18:38:44:c4:80:6e:a2:ff:43:3c:84:a0:7b:c7:
                    89:89:65:c6:a4:e1:78:eb:7d:ad:11:2f:6e:f7:b0:
                    39:97:d1:cb:a1:b3:e8:66:7d:c2:e1:ab:6e:91:e4:
                    b4:da:da:ea:d1:f6:15:a0:59:8d:e7:cd:10:cc:a0:
                    79:84:0e:70:6a:41:e1:ea:6d:64:66:c6:68:c6:0d:
                    01:bb:9e:43:d3:a8:c3:4f:e4:35:62:8d:4e:2b:0b:
                    0d:06:8e:eb:73:b8:6f:48:ba:c7:d4:d0:39:0b:a4:
                    ba:0d:1b:c9:3b:be:d6:37:24:4c:6e:fb:4d:9a:53:
                    5c:b9:2c:25:93:01:fe:d7:c7:10:57:6b:97:ea:93:
                    c9:8b:de:f1:f1:42:a3:33:5d:55:23:36:52:18:da:
                    7e:bf:4f:db:72:b2:9e:2c:4c:0a:55:92:92:95:85:
                    85:db:8e:39:d0:73:97:79:21:65:4d:9b:1d:76:1e:
                    11:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A1:33:04:8E:FA:A2:3A:69:07:6A:8B:16:C5:7C:D1:C3:F8:72:7B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/62e6447f-41d0-4cde-bd02-7cf414edd298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:4d:50:64:83:2d:74:63:02:80:39:5b:41:51:f4:a0:aa:9c:
         65:04:3e:6d:3a:79:ee:4e:47:2b:e0:bd:06:8c:79:9b:dc:cb:
         66:b0:6b:65:1d:1a:04:2c:b2:cd:59:13:93:be:28:38:6d:8b:
         47:5f:22:40:db:37:93:64:5c:a8:e6:74:e6:7a:a5:86:8f:3e:
         a4:28:a0:9c:d9:e5:46:74:ac:53:cc:12:f0:c5:42:1b:a7:d0:
         c6:dc:94:fe:4b:ce:fa:14:64:10:82:0e:09:91:67:c1:c9:51:
         a7:e5:5c:1c:0d:ec:68:37:ec:56:cb:6f:5d:ab:83:96:8d:1d:
         3e:c6:97:20:a2:43:fd:89:ac:62:f5:f6:48:23:61:6c:8f:90:
         56:f6:7f:ed:1e:08:80:33:24:45:c9:c7:4d:6c:a7:a0:10:75:
         c9:75:6f:e1:0f:a2:26:78:0a:9b:1e:9c:ce:8f:62:44:6d:88:
         cc:de:0a:fc:46:27:13:0e:70:cc:78:84:c0:91:7d:b7:18:5c:
         d8:e5:de:85:58:94:71:68:dd:56:08:85:5f:83:20:f4:7a:c8:
         c4:33:18:fe:ec:18:d6:07:29:85:9d:f3:a7:e0:a6:be:b7:2d:
         c7:7c:c1:ff:78:f7:33:44:9b:c9:0a:b3:8d:63:6c:59:04:84:
         45:21:23:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGxVj1EhLeWG8etHStOV1uDUrShcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE4MDAwMDAwWhcNMjQwMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjU0YzQxZDA4NzdlMDBkZGMzZjM1NjdmN2ZmZTRiYjY5
YTFmN2VhZDY1OTM5MmE1ZWQ1YTFmY2VlOGFmOWU1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxx3D4eyxbukVRtl48J/67V7okEs/tL9MbhP+fHJiRxTBd
JIhSf66gZlbEujxVD4qL4+WbVYA3qz5UE73uopHIoEcPgglxY/K5gg0YOETEgG6i
/0M8hKB7x4mJZcak4Xjrfa0RL273sDmX0cuhs+hmfcLhq26R5LTa2urR9hWgWY3n
zRDMoHmEDnBqQeHqbWRmxmjGDQG7nkPTqMNP5DVijU4rCw0GjutzuG9IusfU0DkL
pLoNG8k7vtY3JExu+02aU1y5LCWTAf7XxxBXa5fqk8mL3vHxQqMzXVUjNlIY2n6/
T9tysp4sTApVkpKVhYXbjjnQc5d5IWVNmx12HhHtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN6EzBI76ojppB2qLFsV80cP4cnswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYyZTY0NDdmLTQxZDAtNGNkZS1iZDAyLTdjZjQxNGVkZDI5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAABNUGSDLXRjAoA5W0FR9KCqnGUE
Pm06ee5ORyvgvQaMeZvcy2awa2UdGgQsss1ZE5O+KDhti0dfIkDbN5NkXKjmdOZ6
pYaPPqQooJzZ5UZ0rFPMEvDFQhun0MbclP5LzvoUZBCCDgmRZ8HJUaflXBwN7Gg3
7FbLb12rg5aNHT7GlyCiQ/2JrGL19kgjYWyPkFb2f+0eCIAzJEXJx01sp6AQdcl1
b+EPoiZ4CpsenM6PYkRtiMzeCvxGJxMOcMx4hMCRfbcYXNjl3oVYlHFo3VYIhV+D
IPR6yMQzGP7sGNYHKYWd86fgpr63Lcd8wf949zNEm8kKs41jbFkEhEUhI7g=
-----END CERTIFICATE-----